Date: 2024-03-01

Following a short consultation period, the Office of the Superintendent of Financial Institutions ("OSFI") released its final Integrity and Security Guideline ("I&S Guideline") on Jan. 31, 2024. This new guidance from OSFI focuses on federally regulated financial institutions' ("FRFIs") acting with integrity and securing themselves against diverse threats, including foreign interference.

The key dates and deliverables under the I&S Guideline are as follows:

The I&S Guideline applies to: banks, cooperative credit associations, foreign bank branches, foreign insurance branches, life insurance and fraternal insurance companies, property and casualty insurance companies and trust and loan companies. The I&S Guideline applies to foreign branches of banks and insurers to the extent that it is relevant to their ability to meet applicable requirements and legal obligations in Canada.

Integrity and security

Integrity and security are outcomes of separate risk management practices, but are related in that acting with integrity can enhance a FRFI's security.

OSFI will soon require regulated FRFIs to establish, implement, maintain and adhere to adequate policies and procedures to protect against threats to integrity or security.

The I&S Guideline has a specific approach to proportionality. OSFI will apply the I&S Guideline on a proportional basis assessed with reference to the FRFI's: ownership structure; strategy and risk profile; and scope, nature and location of operations.

Outcomes and principles

The I&S Guideline is organized around two expected outcomes, each with supporting principles that are designed to increase the likelihood of the outcomes.

1. Integrity

Outcome: Actions, behaviours, and decisions are consistent with the letter and intent of regulatory expectations, laws, and codes of conduct.

| Topic | Principle | Summary |
| --- | --- | --- |
| Character | Principle 1: Responsible persons and leaders are of good character and demonstrate integrity through their actions, behaviours, and decisions. | The importance of good character and integrity is directly proportional to the power and influence a person has within an organization. |
| Culture | Principle 2: Culture that demonstrates integrity is deliberately shaped, evaluated, and maintained. | Cultures are variable across organizations, but all cultures should reflect a commitment to norms that encourage ethical behaviour. What is considered acceptable and unacceptable within an organization should be deliberately shaped, evaluated and maintained. |
| Governance | Principle 3: Governance structures subject actions, behaviours, and decisions to appropriate scrutiny and challenge. | Sound governance involves scrutinizing and challenging actions, behaviours, and decisions, and building trust with stakeholders. It also requires effective oversight of senior management, clear communication of expectations, and regular monitoring of compliance with codes of conduct. |
| Compliance | Principle 4: Effective mechanisms to identify and verify compliance with regulatory expectations, laws, and codes of conduct exist. | Compliance risk management is a vital aspect of integrity. An enterprise-wide regulatory compliance management (RCM) framework is an essential tool for this purpose. It should address actions, behaviours, and decisions against compliance requirements and include internal and external channels in which concerns can be raised. |



2. Security